### Simulatable Channels: Extended Security that is Universally Composable and Easier to Prove

Jean Paul Degabriele and Marc Fischlin

##### Abstract

Ever since the foundational work of Goldwasser and Micali, simulation has proven to be a powerful and versatile construct for formulating security in various areas of cryptography. However, security definitions based on simulation are generally harder to work with than game-based definitions, often resulting in more complicated proofs. In this work we challenge this viewpoint by proposing new simulation-based security definitions for secure channels that in many cases lead to simpler proofs of security. We are particularly interested in definitions of secure channels which reflect real-world requirements, such as protecting against the replay and reordering of ciphertexts, accounting for leakage from the decryption of invalid ciphertexts, and retaining security in the presence of ciphertext fragmentation. Furthermore, we show that our proposed notion of channel simulatability implies a secure channel functionality that is universally composable. To the best of our knowledge, we are the first to study universally composable secure channels supporting these extended security goals. We conclude by showing that the Dropbear implementation of SSH-CTR is channel simulatable in the presence of ciphertext fragmentation, and therefore also realises a universally composable secure channel. This is intended, in part, to highlight the merits of our approach over prior ones in admitting simpler security proofs in comparable settings.

Keywords: Secure Channels, Ciphertext Fragmentation, Universal Composability, Subtle Authenticated Encryption, SSH

Contact author(s): jpdega @ gmail com, marc fischlin @ cryptoplexity de

Short URL: https://ia.cr/2018/844

License: CC BY

BibTeX

```bibtex
@misc{cryptoeprint:2018/844,
  author = {Jean Paul Degabriele and Marc Fischlin},
  title = {Simulatable Channels: Extended Security that is Universally Composable and Easier to Prove},
  howpublished = {Cryptology ePrint Archive, Paper 2018/844},
  year = {2018},
  note = {\url{https://eprint.iacr.org/2018/844}},
  url = {https://eprint.iacr.org/2018/844}
}
```
